[KIS-2015-09] Piwik <= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability
2015-11-04 Egidio Romano (research karmainsecurity com)

[KIS-2015-07] ATutor <= 2.2 (popuphelp.php) Reflected Cross-Site Scripting Vulnerability
2015-11-04 Egidio Romano (research karmainsecurity com)
--------------------------------------------------------------------------
ATutor <= 2.2 (popuphelp.php) Reflected Cross-Site Scripting Vulnerability
--------------------------------------------------------------------------
[-] Software Link: http://www.atutor.ca/
[-] Affected Versions: Versi

[KIS-2015-08] ATutor <= 2.2 (edit_marks.php) PHP Code Injection Vulnerability
2015-11-04 Egidio Romano (research karmainsecurity com)
---------------------------------------------------------------
ATutor <= 2.2 (edit_marks.php) PHP Code Injection Vulnerability
---------------------------------------------------------------
[-] Software Link: http://www.atutor.ca/
[-] Affected Versions: Version 2.2 and prior versions.
[-

[KIS-2015-06] ATutor <= 2.2 (confirm.php) Session Variable Overloading Vulnerability
2015-11-04 Egidio Romano (research karmainsecurity com)
----------------------------------------------------------------------
ATutor <= 2.2 (confirm.php) Session Variable Overloading Vulnerability
----------------------------------------------------------------------
[-] Software Link: http://www.atutor.ca/
[-] Affected Versions: Version 2.2 and p

[KIS-2015-05] ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability
2015-11-04 Egidio Romano (research karmainsecurity com)
-------------------------------------------------------------------------
ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability
-------------------------------------------------------------------------
[-] Software Link: http://www.atutor.ca/
[-] Affected Versions: Version

FreeBSD Security Advisory FreeBSD-SA-15:25.ntp [REVISED]
2015-11-04 FreeBSD Security Advisories (security-advisories freebsd org)

[security bulletin] HPSBGN03429 rev.2 - HP Arcsight Logger, Remote Disclosure of Information
2015-11-03 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04863612
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04863612
Version: 2
HPSBGN03429 r

[security bulletin] HPSBGN03425 rev.1 - HP ArcSight SmartConnectors, Remote Disclosure of Information, Local Escalation of Privilege
2015-11-03 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04850932
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04850932
Version: 1
HPSBGN03425 r

[security bulletin] HPSBGN03430 rev.1 - HP ArcSight products, Local Elevation of Privilege
2015-11-03 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04872416
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04872416
Version: 1
HPSBGN03430 r

[security bulletin] HPSBGN03386 rev.2 - HP Central View Fraud Risk Management, Revenue Leakage Control, Dealer Performance Audit, Credit Risk Control, Roaming Fraud Control, Subscription Fraud Prevention, Remote Disclosure of Information, Local Disclosure
2015-11-03 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04751893
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04751893
Version: 2
HPSBGN03386

[security bulletin] HPSBGN03426 rev.1 - HP Mobility Software, Remote Execution of Arbitrary Code
2015-11-02 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04874668
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04874668
Version: 1
HPSBGN03426 r

[security bulletin] HPSBMU03518 rev.1 - HP Vertica, Remote Code Execution
2015-11-02 security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04873095
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04873095
Version: 1
HPSBMU03518 r

CVE-2015-7326 (XXE vulnerability in Milton Webdav)
2015-11-02 0ang3el gmail com
Dear all,
I've recently found a vulnerability in Milton Webdav 2.7.0.1 (project page - http://milton.io/). Milton Webdav is a Java library for adding webdav capabilities to your applications. Milton Webdav supports PROPFIND, PROPPATCH and LOCK methods. These Webdav methods expect XML in the request body.

Accentis Content Resource Management System - XSS
2015-11-02 GalaxyCVEcollector gmail com
# Vulnerability type: Stored Cross Site Scripting
# Vendor: http://www.accentis.com.au/
# Product: Accentis Content Resource Management System
# Credit: Foo Jong Meng, Chia Junyuan, Benjamin Tan
# CVE ID: CVE-2015-3425
# PROOF OF CONCEPT (XSS)
Accentis Content Resource Management System before Oct

Accentis Content Resource Management System - SQL
2015-11-02 GalaxyCVEcollector gmail com
Issue 1
# Vulnerability type: SQL Injection
# Vendor: http://www.accentis.com.au/
# Product: Accentis Content Resource Management System
# Credit: Foo Jong Meng, Chia Junyuan, Benjamin Tan
# CVE ID: CVE-2015-3424
# PROOF OF CONCEPT (SQLi)
Accentis Content Resource Management System before October

Cross-Site Scripting | Zeuscart V4
2015-11-02 ITAS Team (itas team itas vn)
#Vulnerability: Cross-Site Scripting
#Vendor: http://www.zeuscart.com
#Download link: http://zeuscart.com/download/
#Affected version: Zeuscart V4
#CVSS v3.0 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
#Condition: The attack is performed by an "Anonymous User"
#Payload: "--><ScRipt>alert(/ITASVN/)</

TCPing 2.1.0 Buffer Overflow
2015-11-01 apparitionsec gmail com
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-TCPING-2.1.0-BUFFER-OVERFLOW.txt
Vendor:
================================
Spetnik.com
Product:
=================================
Spetnik TCPing 2.1.0 / tcping.exe circa 200

[SECURITY] [DSA 3386-1] unzip security update
2015-10-31 Laszlo Boszormenyi (GCS) (gcs debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3386-1 security (at) debian (dot) org
https://www.debian.org/security/ Laszlo Boszormenyi (GCS)
October 31, 2015

[SECURITY] [DSA 3385-1] mariadb-10.0 security update
2015-10-31 Salvatore Bonaccorso (carnil debian org)

[slackware-security] jasper (SSA:2015-302-02)
2015-10-29 Slackware Security Team (security slackware com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] jasper (SSA:2015-302-02)
New jasper packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
p

PHP Server Monitor 3.1.1 Privilege Escalation
2015-10-30 apparitionsec gmail com
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPSRVMONITOR-PRIV-ESCALATE.txt
Vendor:
================================
www.phpservermonitor.org
sourceforge.net/projects/phpservermon/files/phpservermon/PHP%20Server%20Monit

PHP Server Monitor 3.1.1 CSRF
2015-10-30 apparitionsec gmail com
[+] Credits: hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPSRVMONITOR-CSRF.txt
Vendor:
================================
www.phpservermonitor.org
sourceforge.net/projects/phpservermon/files/phpservermon/PHP%20Server%20Monitor%20v3.1
Piwik <= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability
-----------------------------------------------------------------------
[-] Software Link:
https://piwik.org/
[-] Affected Versions:
Version 2.14.3 an